| Title | xierongwkhd weimai-wetapp <=1.0.0 SQL Injection |
|---|
| Description | A SQL injection vulnerability exists in the /home/getLikeMovieList endpoint. The cat parameter is passed unsanitized
through the controller → service → MyBatis mapper chain without parameterization. SQLMap confirmed exploitability via
boolean-based blind and error-based techniques, retrieving the current DB user as root@%. |
|---|
| Source | ⚠️ https://github.com/xierongwkhd/weimai-wetapp/issues/49 |
|---|
| User | ZAST.AI (UID 87884) |
|---|
| Submission | 02/26/2026 04:22 (3 months ago) |
|---|
| Moderation | 03/11/2026 13:33 (13 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 350387 [xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2 Endpoint HomeController.java getLikeMovieList cat sql injection] |
|---|
| Points | 19 |
|---|